How secure is OpenVPN connect Android?

I'm new here, so I apologize for my lack of knowledge on this subject. I have access to wifi at work. Small company and its a very liberal usage policy. People stream videos, music, Facebook... You name it. I don't like the idea of my info being seen by the powers to be so I signed up for BolehVPN. Installed it on my Android device and all works well. My question is, even though it says it's running, how confident can I be that people peaking in can't see what I'm viewing, reading, researching etc? I get terrible reception with my phone in my office, otherwise I would just use the data from cell provider instead of through the wifi. One other question.. When I have the VPN turned on and connected, and then I run a speed test ( all of this in my mind you) it always picks a server very close to where I'm located. I don't have gps on.. So I'm a little worried the somehow information from my phone is being picked up because how else would a speed test app such as Ookla know a nearby server when my VPN connection exit is in Another country? Thanks for any info/help/suggestions.

I haven't tried this yet on Android, so I don't exactly know the answer to your questions.

But in general, with Linux, what you need to do to be sure that your traffic is only going through the VPN is to use a firewall to disallow all traffic, except to the IP address of your VPN service. So you should search for information about how to do this in Android.

There can also be issues with DNS leaks, although I don't know if this is a problem with VPNs through Android, but you may want to research that also.

Other forum members have also said that the BolehVPN customer service is very helpful and responsive. So you may want to just email them with your questions, so they can point you to guides to make sure your phone is working the way you want it to work.

Haven't looked into it, but if you've run any 'in the clear' speed tests with the app before, maybe it remembers where you were through some type of ID or cookie like behavior? One way I could think to test, is to clear cache and data for the app, force close, and uninstall. Then re-install while on the VPN and run a test. Maybe even sideload a clean copy of the .apk, so you don't get it from your Google account on the store?

Definitely an issue. Using both Bolehvpn and mullvad over the same wifi home router as my PC, my android phone is not displaying the same information via ipsleak.net. For example, right now my pc is connected to the netherlands server on Mullvad. When I go to ipsleak it shows my ips address coming from the netherlands. On my phone, its showing California. So something isn't right in the OpenVPN program. Also, when I check the IP addresses, they are not similar. ( thought I don't live near California )

Bigger concern for me is using Ookla Speed test. The entire purpose of its software is testing your current internet speeds based on using their severs that are closest proximity to your location based on ping for accurate speed measurements. That's find and dandy but the problem is, my PC is showing the closest server somewhere in Europe near the Netherlands.. my phone is showing the closest server 15 mins from my current location.

- I wiped Ookla from my phone. Wiped the cache. I downloaded a cleaner program to remove leftover data junk. I rebooted my phone, connected to the VPN, then re-installed the Ookla speed test software and ran it again. Same thing. Even though I am connected to a VPN with exit point in Netherlands, it still knows that my location is within 15 miles of a selected server here in the US. I tried looking up DNS leaks and forcing traffic over VPN on android, searches just turn up exactly what I did. Installing profiles from a trusted VPN service using OpenVpn Connect or the like. I'm not an expert on any of this, but I am smart enough to download the profiles and follow their directions on the web, and this is happening via two different paid VPN services. Mullvad and BolehVPN.

I appreciate both of the suggestions, if anyone else has any info I would really appreciate trying other things. going to contect BolehVPN now. Thanks

PaulyDefran said:

Haven't looked into it, but if you've run any 'in the clear' speed tests with the app before, maybe it remembers where you were through some type of ID or cookie like behavior? One way I could think to test, is to clear cache and data for the app, force close, and uninstall. Then re-install while on the VPN and run a test. Maybe even sideload a clean copy of the .apk, so you don't get it from your Google account on the store?

Ok, it may be pulling data from some GApps or previous GPS apps, etc... I don't know. The next test I could think of, would be to wipe the phone and install a minimal custom AOSP ROM, with minimal GApp package. Before setting up *any* Google account, sideload the VPN app and the Ookla app. Connect then and see what it shows. This is obviously an advanced test, though you could do a Nandroid backup with TWRP, and be back to where you were in minutes. You'd need to know how to root, busybox, recovery install, etc... x942 is the guru on this stuff, hopefully he can give some ideas.

So, you got me interested. I don't use the VPN Connect app (which is from OpenVPN, correct?). I use one called OpenVPN for Android, by Arne Schwab. I just connected to an Air server in Switzerland, and the Ookla Speedtest app showed all servers in the EU (I am not in the EU right now). So maybe try Arne's app instead? This was on an unlocked, rooted, Nexus 5, running Stock KitKat...haven't custom ROM'd it yet. Something is weird on your setup.

P.S. This is with all Google apps syncing to all my real accounts too...so disregard my advice above. The Ookla app doesn't seem to be grabbing any outside data.

Yeah I feel a little stupid. Turns out that under location services, "Access to my location" was turned on. Turning this off fixed the problem GPS was off, but this was on, so I'm guessing this gives a fairly accurate location estimate. I searched and Ookla says they determine location based off ip, and pinging nearby routers, apparently with Android they use other options when available. Like, just asking your phone where in the hell you're at! Lol

Ok, good...glad it wasn't OpenVPN Connect (I'll have to try that out, and see how it differs from Arne Schwab's app). Yeah, first thing I do, before I even enter my Google account info, is turn off ALL location services, and set GPS to 'Device Only' and then turn it OFF. Android will always pop up a request to enable location services when you want to use GPS...just always say NO. (Same with Camera, but the NO setting sticks for that).